File Download Vulnerability in Element Web Client by Element
CVE-2024-51749
Currently unrated
What is CVE-2024-51749?
Versions of the Element Web and Desktop applications prior to 1.11.85 contain a vulnerability that allows for the addition of misleading thumbnails to events. This flaw permits an attacker to trigger unexpected file downloads simply by clicking on these manipulated thumbnails, posing a potential risk to users by facilitating unauthorized content retrieval. The issue has been addressed in the element-web release 1.11.85, which ensures proper validation of thumbnails for attachments, stickers, and images.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.